package kit.token;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.log4j.Logger;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.HmacKey;

import com.jfinal.plugin.ehcache.CacheKit;

/**
 * Token Configuration Holder.
 * We will hold information like Issuer, Audience, Time-out time and key here.
 * @author Paras
 *
 */
public class TokenConfiguration {
	
	private static Logger LOGGER = Logger.getLogger( TokenConfiguration.class );
		
	/**
	 * Key to be used for signature setting and verification.
	 */
	private String tokenKey;
    
    /**
     * Key to be used for value encryption and decryption.
     */
	private String encryptionKey;
	
	/**
	 * Issuer of token.
	 */
	private String issuer;
	
	/**
	 * Audience of token.
	 */
	private String audience;
	
	/**
	 * Token Time-out time.
	 */
	private int timeout;
	
	/**
	 * Token Subject 
	 */
	private String subject;
	

	private JwtConsumer consumer;

	public JwtConsumer getConsumer() {
		return consumer;
	}

	public void setConsumer(JwtConsumer consumer) {
		this.consumer = consumer;
	}

	public String getTokenKey() {
		return tokenKey;
	}

	public void setTokenKey(String tokenKey) {
		this.tokenKey = tokenKey;
	}

	public String getEncryptionKey() {
		return encryptionKey.substring(0, 16);
	}

	public void setEncryptionKey(String encryptionKey) {
		this.encryptionKey = encryptionKey;
	}

	public String getIssuer() {
		return issuer;
	}

	public void setIssuer(String issuer) {
		this.issuer = issuer;
	}

	public String getAudience() {
		return audience;
	}

	public void setAudience(String audience) {
		this.audience = audience;
	}

	public int getTimeout() {
		return timeout;
	}

	public void setTimeout(int timeout) {
		this.timeout = timeout;
	}

	public String getSubject() {
		return subject;
	}

	public void setSubject(String subject) {
		this.subject = subject;
	}

	/**
	* @Title: init
	* @Description:  启动时将数据装入缓存，可以从数据库读取出授权的app信息插入。 {缓存名称，appkey,appsecret}
	* @author yangyw
	* @throws
	*/
	public static void init() {

		TokenConfiguration config = new TokenConfiguration();
		config.setTokenKey(DigestUtils.md5Hex("tokenKey"));// 生成签名的key
		config.setEncryptionKey(DigestUtils.md5Hex("encryptionKey"));// 加密传输数据，也相当于签名
		config.setIssuer("issuerapp");
		config.setAudience("server");
		config.setTimeout(3);// 失效时间
		config.setSubject("subject");
		//customer
		JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder()
				.setRequireExpirationTime()
				.setAllowedClockSkewInSeconds(30)
				.setMaxFutureValidityInMinutes(config.getTimeout())
				.setRequireSubject()
				.setVerificationKey(new HmacKey(config.getTokenKey().getBytes()))
				.setExpectedSubject(config.getSubject()).setExpectedIssuer(config.getIssuer())
				.setExpectedAudience(config.getAudience()).setRelaxVerificationKeyValidation();
		config.setConsumer(consumerBuilder.build());
		String appkey = DigestUtils.md5Hex("apikey");
		CacheKit.put("oauth", appkey, config);// 通过appkey查询出配置，进行对不同appkey的解码。

	}
}